Secure RBAC Test
Enforce/test the state of each policy's engagement for
baremetal nodes, project reader and system reader.
The tests use a try clause, catch the exception, and
check that the response status code matches what is expected.
Change-Id: I0b5f8eb881462f5d78f65bd37fbb8b296d9880eb
diff --git a/ironic_tempest_plugin/tests/api/base.py b/ironic_tempest_plugin/tests/api/base.py
index 5469579..6ebb162 100644
--- a/ironic_tempest_plugin/tests/api/base.py
+++ b/ironic_tempest_plugin/tests/api/base.py
@@ -482,3 +482,16 @@
"""
resp, body = cls.client.create_allocation(resource_class, **kwargs)
return resp, body
+
+
+class BaseBaremetalRBACTest(BaseBaremetalTest):
+
+ # Unless otherwise superceeded by a version, RBAC tests generally start at
+ # version 1.70 as that is when System scope and the delineation occured.
+ min_microversion = '1.70'
+
+ @classmethod
+ def skip_checks(cls):
+ super(BaseBaremetalRBACTest, cls).skip_checks()
+ if not CONF.enforce_scope.ironic:
+ raise cls.skipException('RBAC tests for Ironic are not enabled.')
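Review bot: The skip in `skip_checks` removes every subclass of `BaseBaremetalRBACTest` from a run whenever `CONF.enforce_scope.ironic` is false, and nothing on the class documents that precondition, so a job without the option reports the RBAC policy checks as skipped rather than exercised. I would add a class docstring such as `"""Base for secure-RBAC API tests; skipped unless CONF.enforce_scope.ironic is set."""` so the requirement is visible to whoever configures the job. The comment above `min_microversion` also misspells two words; `# Unless otherwise superseded by a version, RBAC tests generally start at` and `# version 1.70 as that is when System scope and the delineation occurred.` would read cleanly.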